From owner-freebsd-net@FreeBSD.ORG  Wed Jan 25 06:54:46 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4C3C016A41F
	for <freebsd-net@freebsd.org>; Wed, 25 Jan 2006 06:54:46 +0000 (GMT)
	(envelope-from julian@elischer.org)
Received: from a50.ironport.com (a50.ironport.com [63.251.108.112])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 120BC43D46
	for <freebsd-net@freebsd.org>; Wed, 25 Jan 2006 06:54:46 +0000 (GMT)
	(envelope-from julian@elischer.org)
Received: from unknown (HELO [192.168.2.4]) ([10.251.60.107])
	by a50.ironport.com with ESMTP; 24 Jan 2006 22:54:45 -0800
Message-ID: <43D720B5.2020803@elischer.org>
Date: Tue, 24 Jan 2006 22:54:45 -0800
From: Julian Elischer <julian@elischer.org>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
	rv:1.7.11) Gecko/20050727
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Haisang Wu <haisang@gmail.com>
References: <de1c88480601241823l5a382c09i2e296c9f30e95292@mail.gmail.com>	<43D6E4E9.7010604@mac.com>
	<de1c88480601241904h577433cle1c1faf710c21377@mail.gmail.com>
In-Reply-To: <de1c88480601241904h577433cle1c1faf710c21377@mail.gmail.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: Developing New Socket Option on 4.10
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Jan 2006 06:54:46 -0000

Haisang Wu wrote:

>Well, I may have some more socket options in the future for the application
>to fill
>segments of the 20-byte tag, and the tag may be extended to 40 or 64 bytes,
>when
>OOB information increases.
>
>How does IPSEC prepend the new header in tunnelling mode? Thanks.
>
>Haisang
>  
>
you COULD use netgraph to do this..
you would have an ng_iface node hooked to your own node that adds the 
header which could be hooked to
an ng_ether interface as a type filter itself or using ng_etf as the 
ethertype filter.